Security, Identity & Compliance Flashcards

1
Q

Amazon Cloud Directory

Security, Identity & Compliance

A

Amazon Cloud Directory | Security, Identity & Compliance

Amazon Cloud Directory is a cloud-native, highly scalable, high-performance, multi-tenant directory service that provides web-based directories to make it easy for you to organize and manage all your application resources such as users, groups, locations, devices, and policies, and the rich relationships between them. Cloud Directory is a foundational building block for developers to create directory-based solutions easily and without having to worry about deployment, global scale, availability, and performance.

Unlike existing traditional directory systems, Cloud Directory does not limit organizing directory objects in a single fixed hierarchy. In Cloud Directory, you can organize directory objects into multiple hierarchies to support multiple organizational pivots and relationships across directory information. For example, a directory of users may provide a hierarchical view based on reporting structure, location, and project affiliation. Similarly, a directory of devices may have multiple hierarchical views based on its manufacturer, current owner, and physical location.

Cloud Directory provides virtually unlimited directories. It scales each directory to hundreds of millions of nodes automatically while offering consistent performance. Cloud Directory is optimized for a high rate of low-latency, eventually consistent reads. Developers model directory objects using extensible schemas to enforce data correctness constraints automatically and to make it easier to program against. Cloud Directory offers rich information lookup based on customer-defined indexed attributes, thus enabling fast tree traversals and searches within the directory trees. Cloud Directory data is encrypted at rest and in transit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Amazon Cognito

Security, Identity & Compliance

A

Amazon Cognito | Security, Identity & Compliance

Amazon Cognito lets you easily add user sign-up and authentication to your mobile and web apps. Amazon Cognito also enables you to authenticate users through an external identity provider and provides temporary security credentials to access your app’s backend resources in AWS or any service behind Amazon API Gateway. Amazon Cognito works with external identity providers that support SAML or OpenID Connect, social identity providers (such as Facebook, Twitter, Amazon) and you can also integrate your own identity provider.

In addition, Amazon Cognito enables you to synchronize data across a user’s devices so that their app experience remains consistent when they switch between devices or upgrade to a new device. Your app can save data locally on users’ devices allowing your applications to work even when the devices are offline and then automatically synchronize the data when the device is back online.

With Amazon Cognito, you can focus on creating great app experiences instead of worrying about building, securing, and scaling a solution to handle user management, authentication, and sync across platforms and devices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Amazon GuardDuty

Security, Identity & Compliance

A

Amazon GuardDuty | Security, Identity & Compliance

Amazon GuardDuty offers threat detection that enables you to continuously monitor and protect your AWS accounts and workloads. GuardDuty analyzes continuous streams of meta-data generated from your account and network activity found in AWS CloudTrail Events, Amazon VPC Flow Logs, and DNS Logs. It also uses integrated threat intelligence such as known malicious IP addresses, anomaly detection, and machine learning to identify threats more accurately.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Amazon Inspector

Security, Identity & Compliance

A

Amazon Inspector | Security, Identity & Compliance

Amazon Inspector is an automated security assessment service that helps you test the security state of your applications running on Amazon EC2.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Amazon Macie

Security, Identity & Compliance

A

Amazon Macie | Security, Identity & Compliance

Amazon Macie is an AI-powered security service that helps you prevent data loss by automatically discovering, classifying, and protecting sensitive data stored in AWS. Amazon Macie uses machine learning to recognize sensitive data such as personally identifiable information (PII) or intellectual property, assigns a business value, and provides visibility into where this data is stored and how it is being used in your organization. Amazon Macie continuously monitors data access activity for anomalies, and delivers alerts when it detects risk of unauthorized access or inadvertent data leaks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

AWS Artifact

Security, Identity & Compliance

A

AWS Artifact | Security, Identity & Compliance

AWS Artifact, available in the console, is a self-service audit artifact retrieval portal that provides our customers with on-demand access to AWS’ compliance documentation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

AWS Certificate Manager (ACM)

Security, Identity & Compliance

A

AWS Certificate Manager (ACM) | Security, Identity & Compliance

AWS Certificate Manager (ACM) is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet. ACM removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates. With ACM, you can request a certificate, deploy it on AWS resources such as Elastic Load Balancers, Amazon CloudFront distributions, or APIs on Amazon API Gateway, and let AWS Certificate Manager handle certificate renewals. You can also import third-party certificates into ACM and associate them with supported AWS Services. SSL/TLS certificates provisioned through ACM are free. You pay only for the AWS resources you create to run your application.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

AWS CloudHSM

Security, Identity & Compliance

A

AWS CloudHSM | Security, Identity & Compliance

The AWS CloudHSM service helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud. AWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but for some applications and data subject to contractual or regulatory mandates for managing cryptographic keys, additional protection may be necessary. CloudHSM complements existing data protection solutions and allows you to protect your encryption keys within HSMs that are designed and validated to government standards for secure key management. CloudHSM allows you to securely generate, store and manage cryptographic keys used for data encryption in a way that keys are accessible only by you.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

AWS Directory Service

Security, Identity & Compliance

A

AWS Directory Service | Security, Identity & Compliance

AWS Directory Service is a managed service offering, providing directories that contain information about your organization, including users, groups, computers, and other resources. As a managed offering, AWS Directory Service is designed to reduce management tasks, thereby allowing you to focus more of your time and resources on your business. There is no need to build out your own complex, highly-available directory topology because each directory is deployed across multiple Availability Zones, and monitoring automatically detects and replaces domain controllers that fail. In addition, data replication and automated daily snapshots are configured for you. There is no software to install and AWS handles all of the patching and software updates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

AWS Identity and Access Management (IAM)

Security, Identity & Compliance

A

AWS Identity and Access Management (IAM) | Security, Identity & Compliance

You can use AWS IAM to securely control individual and group access to your AWS resources. You can create and manage user identities (“IAM users”) and grant permissions for those IAM users to access your resources. You can also grant permissions for users outside of AWS (federated users).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

AWS Key Management Service (KMS)

Security, Identity & Compliance

A

AWS Key Management Service (KMS) | Security, Identity & Compliance

AWS KMS is a managed encryption service that enables you to easily encrypt your data. AWS KMS provides a highly available key storage, management, and auditing solution for you to encrypt your data across AWS services and within your own applications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

AWS Organizations

Security, Identity & Compliance

A

AWS Organizations | Security, Identity & Compliance

AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts and then apply policies to those groups. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

AWS Shield

Security, Identity & Compliance

A

AWS Shield | Security, Identity & Compliance

AWS Shield is a managed service that provides protection against DDoS attacks for web applications running on AWS. AWS Shield Standard is available to all AWS customers at no additional cost. AWS Shield Advanced is an optional paid service available to AWS Business Support and AWS Enterprise Support customers. AWS Shield Advanced provides additional protections against larger and more sophisticated attacks for your applications running on Elastic Load Balancing (ELB), Amazon CloudFront and Route 53.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

AWS Single Sign-On (AWS SSO)

Security, Identity & Compliance

A

AWS Single Sign-On (AWS SSO) | Security, Identity & Compliance

AWS SSO is an AWS service that enables you to use your existing credentials from your Microsoft Active Directory to access your cloud-based applications, such as AWS accounts and business applications (Office 365, Salesforce, Box), by using single sign-on (SSO).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

AWS WAF

Security, Identity & Compliance

A

AWS WAF | Security, Identity & Compliance

AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly